A Novel Feature Set for Application Identification

H Oudah, B Ghita, T Bakhshi

Research output: Contribution to journalArticlepeer-review

2 Downloads (Pure)

Abstract

Classifying Internet traffic into applications is vital to many areas, from quality of service (QoS) provisioning, to network management and security. The task is challenging as network applications are rather dynamic in nature, tend to use a web front-end and are typically encrypted, rendering traditional port-based and deep packet inspection (DPI) method unusable. Recent classification studies proposed two alternatives: using the statistical properties of traffic or inferring the behavioural patterns of network applications, both aiming to describe the activity within and among network flows in order to understand application usage and behaviour. The aim of this paper is to propose and investigate a novel feature to define application behaviour as seen through the generated network traffic by considering the timing and pattern of user events during application sessions, leading to an extended traffic feature set based on burstiness. The selected features were further used to train and test a supervised C5.0 machine learning classifier and led to a better characterization of network applications, with a traffic classification accuracy ranging between 90- 98%.
Original languageEnglish
Pages (from-to)764-773
Number of pages0
JournalInternational Journal for Information Security Research
Volume8
Issue number1
Early online date30 Mar 2018
DOIs
Publication statusPublished - 30 Mar 2018

Fingerprint

Dive into the research topics of 'A Novel Feature Set for Application Identification'. Together they form a unique fingerprint.

Cite this